I used EoIP (add IPsec to encrypt it); it's easier to deal with routing and you can just use the firewall as normal. AWS also has security that prevents forwarding by default into the virtual network; you also have to enable forwarding for the device in the AWS setup to allow the virtual LAN to forward external IPs to it (I can't remember the network option, but it's a check box). Also check your firewalling, as you have multiple levels for this in AWS (L2 & L3). I had trouble with this part: captures showed the packets leaving the server but never reaching the Mikrotik on the same LAN, so AWS were still filtering on the virtual LAN, blocking the external IPs; the forwarding option is supposed to allow this. I ended up using a 1-1 NAT or port forwarding, routing our own IPs down the tunnel using loopbacks, NATing onto the LAN to get around the forwarding lockout.

Darren

On 23/06/2017 11:49 AM, Matt Chipman wrote:
Hi all, moving some servers out of an old site into the AWS cloud. Wanting to use a mikrotik NAT instance in front of a VPC connected to the office via IPSEC to extend the LAN into the cloud.
Currently can't get either the NAT to work or the IPSEC between the mikrotik boxes. Does anyone have this type of setup working, or is it a no go?
I realise I can use AWS IPSEC endpoint and NAT device but the MT is much more flexible if I can get it working.
Thanks
Matt

_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
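The setup Darren describes, as an added example that is not part of either mail: an EoIP tunnel bridged into the office LAN, carried inside IPsec between an office MikroTik and a MikroTik running as an EC2 instance, plus the 1:1 NAT fallback for reaching a VPC host from the extended LAN. Syntax is RouterOS 6.43+ (separate peer/identity/profile objects). Every address, interface name, the tunnel-id and the pre-shared key are assumptions chosen for illustration (documentation ranges): office public IP 198.51.100.20 with LAN 192.168.10.0/24 on ether2, EC2 instance private IP 10.0.0.10 on ether1 behind Elastic IP 203.0.113.10, and a VPC server 10.0.0.200 to be presented on the LAN as 192.168.10.200. The one non-obvious point the config encodes: AWS translates the Elastic IP outside the ESP envelope, so the office side's IPsec peer is the Elastic IP but the EoIP remote-address (what the decrypted GRE actually carries) must be the instance's private IP.

```routeros
# Added example (not from the thread). All addresses/names/PSK are assumptions.
#   office router public IP ............ 198.51.100.20 (LAN 192.168.10.0/24 on ether2)
#   EC2 MikroTik Elastic IP ............ 203.0.113.10  (1:1 NAT done by AWS)
#   EC2 MikroTik VPC private IP ........ 10.0.0.10     (on ether1)
#   VPC server to expose on the LAN .... 10.0.0.200  ->  192.168.10.200

### ---------------- office MikroTik ----------------
/ip ipsec profile
add name=aws dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 nat-traversal=yes
/ip ipsec proposal
add name=aws auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec peer
add name=aws address=203.0.113.10/32 exchange-mode=ike2 profile=aws
/ip ipsec identity
add peer=aws auth-method=pre-shared-key secret="changeme-use-a-long-random-psk"
# Protect only the GRE carrier of the EoIP tunnel. Inner addresses are the instance's
# private IP, because the Elastic IP is NATed outside the ESP envelope.
/ip ipsec policy
add peer=aws tunnel=yes protocol=gre proposal=aws \
    src-address=198.51.100.20/32 dst-address=10.0.0.10/32

# remote-address is the source the decrypted GRE carries: the private IP, not the EIP.
/interface eoip
add name=eoip-aws tunnel-id=10 local-address=198.51.100.20 remote-address=10.0.0.10 keepalive=10s,10
/interface bridge
add name=br-lan
/interface bridge port
add bridge=br-lan interface=ether2
add bridge=br-lan interface=eoip-aws
/ip address
add address=192.168.10.1/24 interface=br-lan

# Accept IKE and ESP from the peer, GRE only if it arrived inside IPsec, drop any other GRE
# so a cleartext EoIP tunnel can never inject frames into the LAN.
/ip firewall filter
add chain=input protocol=udp dst-port=500,4500 src-address=203.0.113.10 action=accept comment="IKE / NAT-T"
add chain=input protocol=ipsec-esp src-address=203.0.113.10 action=accept comment="ESP"
add chain=input protocol=gre ipsec-policy=in,ipsec src-address=10.0.0.10 action=accept comment="EoIP inside IPsec"
add chain=input protocol=gre action=drop comment="no cleartext EoIP"

### ---------------- AWS MikroTik (EC2 instance) ----------------
/ip ipsec profile
add name=office dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 nat-traversal=yes
/ip ipsec proposal
add name=office auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec peer
add name=office address=198.51.100.20/32 exchange-mode=ike2 profile=office
/ip ipsec identity
add peer=office auth-method=pre-shared-key secret="changeme-use-a-long-random-psk"
/ip ipsec policy
add peer=office tunnel=yes protocol=gre proposal=office \
    src-address=10.0.0.10/32 dst-address=198.51.100.20/32

/interface eoip
add name=eoip-office tunnel-id=10 local-address=10.0.0.10 remote-address=198.51.100.20 keepalive=10s,10
/interface bridge
add name=br-lan
/interface bridge port
add bridge=br-lan interface=eoip-office
/ip address
add address=192.168.10.2/24 interface=br-lan comment="router's own address on the extended LAN"
add address=192.168.10.200/32 interface=br-lan comment="LAN-side alias for the VPC server"

/ip firewall filter
add chain=input protocol=udp dst-port=500,4500 src-address=198.51.100.20 action=accept comment="IKE / NAT-T"
add chain=input protocol=ipsec-esp src-address=198.51.100.20 action=accept comment="ESP"
add chain=input protocol=gre ipsec-policy=in,ipsec src-address=198.51.100.20 action=accept comment="EoIP inside IPsec"
add chain=input protocol=gre action=drop comment="no cleartext EoIP"

# 1:1 NAT fallback: the VPC does not deliver frames for non-VPC addresses to other instances,
# so the VPC server is reached through a LAN alias held by this router and translated both ways.
/ip firewall nat
add chain=dstnat dst-address=192.168.10.200 action=dst-nat to-addresses=10.0.0.200
add chain=srcnat src-address=10.0.0.200 out-interface=br-lan action=src-nat to-addresses=192.168.10.200
# Office hosts entering the VPC appear as the instance's own private IP, so no VPC
# route-table entry for 192.168.10.0/24 and no source/destination-check change is needed.
add chain=srcnat src-address=192.168.10.0/24 out-interface=ether1 action=masquerade
```

On the AWS side the instance's security group must still permit UDP 500 and 4500 and IP protocol 50 (ESP) from the office address, or IKE never completes; nothing in RouterOS can fix that. The "check box" Darren mentions is the EC2 instance (or ENI) Source/destination check; it only has to be disabled if you drop the masquerade rule and instead route 192.168.10.0/24 to the MikroTik's ENI in the VPC route table so that VPC hosts see real office addresses. Both GRE filter rules matter for security: EoIP authenticates nothing by itself, so without the `ipsec-policy=in,ipsec` match plus the final drop, anyone who can spoof GRE to the router with the right tunnel-id could bridge frames onto the LAN.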